Proposal description
Check out my Interview with Mark Mason from Dash Force and Karen Hsu from BlockCypher:
Hello Dash Community! We are excited to introduce you the proposal for Dash Text - The first SMS wallet service exclusively for Dash!
1- MAIN OBJECTIVE:
Dash Text will be the first service to offer Dash Wallets over SMS, it is the fastest and easiest way to receive Dash, and it is one of the most practical applications for people, specially in developing countries where smartphone access and internet access is limited. Our goal is to provide easy access to Dash for everyone.
2- THE PROBLEM and VALIDATION:
Only around 40% of people in Venezuela have smartphones, this means that there are still millions of people who can't use Dash even if they wanted to. We plan to change that. Source: https://newzoo.com/insights/rankings/top-50-countries-by-smartphone-penetration-and-users/
3- THE SOLUTION:
An SMS Wallet service that allows anyone to create and manage a fully functional Dash Wallet only by texting, no need for registration, or downloads, or any hassles, just text and start Dashing, no internet connection required!
4- WHO ARE WE:
Lorenzo Rey: Project Lead. I am an Electronic Engineer, CTO of Dash Help (Support Center) and Dash Merchant - Massive Adoption Program. I am also a spokesperson for Dash in Venezuela and Latin America, I've been the speaker in Dash Caracas conferences, in Dash Youth conferences and presentations, and in events such as the Crypto Latin Fest. I've worked with Rodrigo from Dash Brasil, and with Sam Barbosa, Developer of the Dash Core Team. I've also been an advisor for many other projects such as Dash Trip, Dash Youth, Agrocognitive, and more. DASH Forum: LorenzoRey, Telegram: LorenzoRey, Discord: LorenzoReyC Ig: LorenzoReyC Tw: LorenzoReyC
Alejandro Echeverría: Mechanical Engineer, co-founder of Dash Help - Support Center and Dash Merchant Venezuela. He is also advisor for some teams in the Dash Community like Dash Argentina and Dash Youth Venezuela. Dedicated himself to make profitable business models (Easymed, TuGruero- https://tugruero.io/, Ctrl+C-USB). DASH Forum/Discord: AlejandroE. Linkedin: https://www.linkedin.com/in/alejandro-echeverrria-b739b1101/).
Carlos Echeverria: He´s got a degree in Business Administration from UNIMET (Universidad Metropolitana) in Caracas, Venezuela. He has been in charge of the finance and administration of all above companies as equal business asociated. (Ig: carlosjem1993. Tw: carlosjem. DASH Forum/Discord: carlosjem/ Linkedin: https://www.linkedin.com/in/carlos-echeverria-081a57a9/).
Carlos Heinze: Production engineer from USB (Universidad Simon Bolivar) in Caracas, Venezuela. He has been in charge of the operations of customer service, call center support and logistic of all above companies as equal business asociate. (Ig/Tw: @nachoheinze. DASH Forum: Carlos Heinze. Discord: CarlosH, Linkedin: https://www.linkedin.com/in/carlos-heinze-43483ab8/).
5- BUDGET: We did the lowest budget we could, understanding the fall n the Dash price. In this sense, we are requesting just the 0.58% of the monthly available budet.
6- ALLIES:
We will work in alliance with some Venezuelans and teams that have been funded by the Dash treasury, in this way we will work aligned and coordinated to achieve the same goal: massive adoption of Dash in Venezuela. Following are the allies:
- Dash Help - Support Center: led by Alejandro Echeverría (AlejandroE). Dash Help is the first support center of Dash (and any cryptocurrency) in the world. Prividing assistance to 6 countries already via phone calls, chat, and ticket support. All the assistance and problem solving about Dash Text will be channeled thru Dash Help.
-Dash Merchant Venezuela: led by Alejandro Echeverria (AlejandroE). Dash Merchant Venezuela is a massive adoption program for merchants to accept Dash as payment method for their products and services. We will help small merchants who don't have PCs or Smartphones so they can accept Dash as payment with our SMS Wallet service.
-Dash Youth: led by Santos Bermudez ([USER=22264]@Santos Bermúdez Ruiz[/USER]). Dash Youth Venezuela is an organization focused on spreading knowledge about cryptocurrencies and the DASH Network by giving a series of lectures for students of Middle Schools and Universities. We will work with them teaching students on how the can receive and send Dash without internet connection or smartphones.
**UPDATE REGARDING SECURITY**
Seeing the overwhelming response of the community regarding security, we have decided that we can do more. We are in talks with a respected cyber-security firm who will be tasked to supervise the setting up of the project, and will try to break its security in different ways to validate if it's secure enough and if not, do the necessary changes to guarantee maximum security. This is a measure that we had thought about doing after the product was already released, understanding that we would not be handling much funds in the beginning, but we have listened to people's opinions and comments and we agree with your concerns, they are valid and we are taking the necessary steps to improve security as much as possible since these early stages, and we are fully committed to keep improving in this regard.
We are also contacting BlockCypher, the blockchain solutions company whose APIs we are using to bring this product to life, in order to let them know about this project and to get their feedback and advise, both in security and in the best use of their tools.
We want to help as many people as we can, by making Dash easily accessible to them, and we will keep working tirelessly to make this project a reality. We are so thankful for so many positive feedback we have received, and all the suggestions and concerns, can't be happier to be part of this community! Please keep supporting us!
Security FAQs
1. Is Dash Text Secure?
- Absolutely, Dash Text is secure enough for its purpose, understanding that cryptographic keys are not stored in the user's phone, similar to how an exchange works. You should remember that this is a product for casual use and to move small amounts, we do not encourage anyone to use Dash Text wallets as their primary wallets, you should always hold your funds in more secure wallets where you control the cryptographic keys, such as the Dash Core (QT) Desktop wallet.
2. What happens if my phone is stolen or I lose it?
- You do exactly the same as you would normally: call your cellphone company and ask them to freeze your phone number (report it as lost or stolen), that will immediately block access to your Dash Text wallet, once your number is re-enabled on a new phone, you will have access to your funds again.
3. Who holds user keys?
- Keys are generated using the users phone number as seed when the system receives the first SMS. We do this using Blockcyphers API, which is a respectable blockchain solutions company that is allied to Dash.
Contact Information:
Email Address: hola@dashtext.com
Website: www.dashtext.com
Social Media:
-Facebook: Dash Text
-Instagram: @dashtext
-Twitter: @dash_text
Thanks for reading our proposal. Leave us your comment and questions. Thanks for support!
Show full description ...
Discussion: Should we fund this proposal?
Submit comment
Dash Text - SMS Wallets for Everyone (Exclusively for Dash) - First Stage Venezuela by LorenzoReyC
http://bit.ly/DWDashTextSEP18
The Tx is not really sent by SMS, what is sent by SMS is a command, which Dash Text uses to send your transaction to the blockchain for you.
I hope I answered your question, and thanks for commenting!
https://www.dashboost.org/proposals/view/128/Dash%20supports%20education%20in%20Venezuela%20while%20creating%203000%20new%20Dash%20transactions
We hope you can support us.
I think that they identified a real gap for Dash usage in Venezuela, not alone for the lack of access to smartphones but for the behavior of leaving the smartphone at home and taking the dumb phone when going to the street to avoid being mugged.
I think that this product will be really valuable to Dash users in developing nations and Venezuela is the perfect place to start with this.
This solves 3 problems:
1. Even if DASH Text got hacked the hacker could not unlock the Dash Funds because all access data commands are encrypted and this can only be unencrypted by the customer when they enter their password.
2. DashText staff could not access the funds - this gives customers confidence to use the service since they know no staff at DASH Text could access the funds. This is important because as with any company there is a turnover of staff and how can the management be 100% all of its employees are 100% trust worthy? With Zero knowledge policy the management of DASH Text do not need to be concerned about this.
3. Any liability for loss of funds lies 100% down to the customer. If their wallet gets hacked the source of security break was down to them since the rest of the system is 100% encrypted. This removes all liability from both DASH Text and therefore the DASH brand is also protected.
With a zero knowledge policy it is important that the customers are made fully aware that they are 100% responsible for remembering and safeguarding their password. If lose or forget their password there is nothing that DASH Text can do.
It would be a good idea to have a lawyer to draft up the terms of the zero knowledge policy so that DashText are protected and that the customers know their responsibilities. The legal contract will also protect DashText in case there is a security breach down to the customer's error or if the customer forgets or losses their password DashText is not liable.
If you want a zero knowledge policy to work from as a template you might try and look at some existing policies that are online with companies that offer zero knowledge services e.g. protonmail.ch and sync.com are two such zero knowledge companies.
Some companies say your data is encrypted however what they don't tell you is they still hold the keys to unlock your data. This means they are open to attack by a hacker who can access your unlock keys. I believe that most popular online data storage companies work in this way. However with Zero knowledge policy companies such as sync.com a hacker cannot gain access to your data because sync.com does not store your password anywhere.
Finally some thought needs to be given on how a customer can regain access to their funds if their phone is lost or stolen or if they lose or forget their password. What procedures would a customer need to take to recover their funds? With sync.com they simply state if you lose your password you lose your data. Therefore they recommend customers store their password in a free encryption software package e.g. https://keepassxc.org or https://pwsafe.org .Disclaimer I am not endorsing the use of these packages, it is up to each person to check for themselves if these software packages are suitable :-)
If a zero knowledge policy could be implemented for DashText it would mean that the customer would have the same responsibility for safeguarding access to their funds as they would with any crypto wallet.
If you could also perhaps get this proposed solution checked with both your security company and with BlockCypher I think that would be enough for most of the security concerns to be effectively dealt with on this proposal.
Would a zero knowledge policy be possible with DashText? If not is there a similar model you could implement that achieves the same objectives?
DeepBlue
Users of Dash Text will be able to regain access to their funds if they lose their phone as soon as they activate the same number on a new device.
We are working with our security company and with BlockCypher to guarantee maximum security but people need to understand that there is no way to do this 100% trustless, we commit to not storing user keys and so does BlockCypher, but we do need them briefly to make this work, to sign the transactions and publish them to the blockchain, then we erase them from memory.
Thanks for your comment !
In my estimation, the risk vs potential benefit is still very good for all parties involved.
solarguy
However I would still like to point out the things we have done, we run the Dash Help - Support Center, helping hundreds of users every month and providing support, we also have affiliated more than 70% of the merchants in DiscoverDash in our Dash Merchant Venezuela program, we have worked and collaborated with other Venezuelan projects like Dash Youth and Agrocognitive, we provide tech support for users in Dash Venezuelan conferences, and I have been a speaker twice for Dash Caracas conferences, and also in the Crypto Latin Fest, We provide the Core Team with useful statistics and bug reports for the Dash Wallets, we have worked with Sam Barbosa from the Dash Core development team and with Rodrigo from Dash Brazil, and more, we are 100% committed and working to make Venezuela the first Dash Nation.
I have also updated the proposal with new actions we are taking regarding security, we have listened to people's feedback and we are making sure we are doing everything possible to guarantee maximum security.
Thank you so much for your support and for commenting our proposal!
What many might not realize is the possibility that the people who run the project hijack the funds themselves, and claim that the attack was external. Please realize that if you vote YES on this project, we are trusting individuals to behave like a bank by holding the funds of others in a protected manner. I still have not decided how to vote on this project and I invite @LorenzoReyC to comment on my concern.
You know who we are and how committed we are about getting Dash everywhere because we know this will help some many people, why would we attack our own product? Also claiming that an attack was external doesn't save your reputation, you still messed up security-wise if you get hacked, and people will not trust you.
We appreciate all comments regarding security and we are taking all the necessary steps to make Dash Text as secure as possible.
Thanks again for your comment Edward we hope you can keep supporting us.
I think this project is most definitely going to be a target by people or organizations that don't want DASH established. What the will do is hire hackers to find a weak spot and hack the system. Bear in mind that even top crypto exchanges have been hacked, and they have full time security staff.
I hear what you are saying about there will be only small amounts on the platform, but if thousands of wallets are hacked that could add up to quite a tidy some of money. Also many thousands of people could get a bad image of DASH as not being secure if this service is not 100% water tight.
Do you, or anyone else involved in this project, need a money handling license for this project?
Is there a limit set on the wallets?
If so how much?
If no limit is set then for sure some people will chance it with larger amounts.
How will the users be made aware of the risks involved with using this service?
This project has to be extremely secure in order for it to have a positive outcome. Otherwise thousands and potentially millions could have a bad experience and that could reflect on the security of DASH as a currency as a whole. That could have a devastating effect on the image of DASH as a secure currency. DASH at the moment is ultra secure however ec1warc1 has raised an important point that needs to be very carefully addressed.
We do not need a money handling license for this project, licenses are needed in Venezuela for people who want to run exchanges, but also, as I mentioned before, wallets are held by BlockCypher, not us.
Regarding limits, we cannot stop someone from sending a lot of money into one of these wallets from an exchange or from a Desktop Wallet for example, what we can do is put limits once inside the system, we haven't decided how much yet tho, because if we say the limit is 30$ for example, what happens if one person worked a lot, got payed in his Dash Text wallet and now has saved 100$ to get a smartphone? he should be able to pay for it with Dash Text. On the other hand, if the limit is too high, it is effectively like having no limit for the most part, so we want to do this right and we haven't decided yet.
I was talking about this with Sam Barbosa and he agreed with the challenges of limits and that it could lead to some problematic situations, his opinion was that the work should be at communicating effectively that these wallets should not be used for large amounts, and we agree, but this doesn't mean we won't put limits, we just haven't decided how much or if we should be allowing larger quantities based on a users frequency of use.
Users will be made aware via our social media and our website, we're also considering sending a periodic SMS to people with recommendations and tips, we do not want to be annoying with this tho, maybe once a month is good enough, we'll see.
We really understand this concern and we agree completely, however we also feel that some people are talking about security levels on a scale that is out of the current scope, security is expensive and it becomes more important as you grow, we will not have millions of users and millions of dollars in our system at launch, and we're also confident that a big part of the security is on BlockCypher who are a company worth millions and is running many services that handle more money than Dash Text probably will for a good while.
Thank you so much again for your feedback Deepblue, would love to chat in private as well, you always have great ideas, Im on signal if you want to talk to me about anything. Me, Alejandro and the rest of our team really respect you and value your advice.
If so incentives short (hacking) vs long term (growing the business and profit margin), that the key problem to solve.
Furthermore by becoming public and use of various Technic's such as time locks, multi signature wallets, publicly know company and people, audit's and dare I say regulation. Should mitigate some the problems.
But honestly I don't think the amount of money that can be stolen is high enough, potentially the profits could go an 100x per year if this becomes successful, only the owners of this proposal are incompetent would that make sense.
But yes we are happy to be audited on our security measures and are open to recommendations, can't say I'm not overwhelmed at people's focus on security, that's a good sign because it shows how committed the Dash community is in making sure products are secure enough.
But it is also important to remember that this is a very inexpensive proposal to get an initial product running, as we scale, so will our security measures, just like any other internet business or service.
Today the people has a smartphone, with a minimum 3G connection to the Internet. and they communicate through the Internet through wsapp, telegram, web services, etc.
(The first 3G networks were introduced in 1998 (UMTS and CDMA2000 tech.))
Access to a second-hand smartphone or low-cost is very easy.
There are already projects in BTC and BCH of little success that cover this small market of use.
Ejem: https://cointext.io/regions/
In addition, they have support to several continents not only Venezuela (country).
The worldwide decline of GSM technology, based on the new LTE wireless connection technologies, means that creating investments that depend on technologies that are going to have a reduced use, is not the best option for investment and growth.
I don't see ROI creating this type of investments in local infrastructure, (as it is) that I think:
a) It can only be exploited in a geographical area
b) It does not have a road map of self-sufficiency, which without funds from the dash treasury, would not be viable over time.
In addition, the problem continues of not being able to use neither InstandSend or PrivateSend, which is disruptive and differentiating characteristics of Dash.. And more, when in the future the default shipping protocol can be InstandSend.
I think, that the focus is to train people in the use of Dash in smartphone, globally, from LATAM, AFRICA, USA, EU, etc. Thank you for your proposal.
Bitpesa is a 'centralized' FinTech company that connects with financial networks such as: m-pesa, swift, paypal.. through website (don't have smartphone app for simplicity), and uses the Bitcoin network, to transport value. It is a fintech company similar to uphold company, oriented to Africa and the idiosyncrasy of the African people.
Its profile of target clients are export companies or people that require currency changes (international remittances /Cross-border B2B Payments). Although they have other products.(exchange)
https://www.youtube.com/watch?v=b_6auY_IF3Y
Does your economic model require modest levels of on-going support or does it become self sustaining after 90 days? I'm still a yes either way, just want to know the details.
Full speed ahead in Venezuela. solarguy
You're totally right and we agree completely with what you said!
Regarding the economic model, we wouldn't want to charge people extra fees, so it will require modest levels of on-going support. However, we do feel like down the road when we have a large username, there could be a viable ad-based business model. The last thing we want is for the service to become annoying or intrusive with ads, so this is something we're just thinking about and that could be possible in the long term, nothing conclusive.
Thank you so much for your support !
I learned this important lesson:
Uncool = secure.
My question however is how will people secure their funds on the low end phones? e.g. is there a password they can use to unlock funds. Could they se tup a dummy account just in case someone forces them to reveal their password, they could reveal a dummy account password that has minimal funds in, but their real account has their full amount in. If they are forced to give the password for their SMS wallet they could give the dummy account with like 2 cents in. This could be an enhanced security measure to perhaps consider? The ability to create dummy wallets.
We hadn't considered dummy accounts until now because we will be promoting these wallets to be used with low amounts. The idea is that you have the majority of your funds in some form of cold storage or in your PC at home, and you periodically fund your Dash Text wallet from there.
However I think dummy accounts are a good idea to consider and would enhance security, we will explore this idea further!
Thank you so much for your support and your ideas once again, we really appreciate it!
-Lorenzo Rey
We hope to gain your support, and thank you for your comment!
1). At the point of sale, how is an end user going to pay a merchant using Dash text exactly? How do they inform their wallet, via their phone, where the Dash funds will go?
2). Regarding giving away $1 tips, I believe someone claimed the cost of a sim in Venezuela was 50cents. If this is true, then someone is incentivised to keep buying Simcards and receive $1 tips in Dash. What is your approach to mitigating fraud?
3). How viable is it for this demographic of people to sign up on one of the exchanges offering Dash to buy more Dash after successfully interacting with this service? Would they likely have bank accounts?
4). Is it possible to explore ways whereby this service could be expanded to offer users the option to buy Dash with mobile credit? I think that would make Dash Text a game changer.
Good luck!
1) The simplest (but not the only) way is for the merchant to also have a Dash Text wallet, so that the client can type the merchants number and pay that way, the command is "SEND (amount) (phonenumber)".
However the merchant can also simply text their address to the client so the client can copy/paste it and use the command "SEND (amount) (address)"
Important to mention that all of this information will be on our website www.dashtext.com, but the Dash Merchant team will be teaching merchants all about Dash Text, and the Dash Help - Support Center will solve all doubts and issues people may have as well.
2) Good question ! SIM cards are cheaper than 1$, however, even tho you will not need any registration process or give any personal information to use Dash Text, in order to get the tip, we will be asking for people's names, email and phone number and other basic info, so as to avoid people wanting to get many tips for themselves, that helps us to also get some statistics about what kind of people are most interested in the service.
3) Yes, since Venezuela is almost a cashless society, most people have bank accounts because that's the only way to pay for stuff besides crypto. We hope people get incentivized to buy more Dash after using it, but we believe the majority of people will be more incentivized to work for Dash, rather than to buy Dash with their VEF, which we think is even better, get paid in Dash, then spend your Dash, using the local currency less and less over time.
4) Using mobile credit to buy Dash directly would be awesome but implementing it brings many problems, we're still evaluating it tho, however most people in Venezuela buy mobile credit in kiosks and pay with debit card. We're preparing a project to get kiosks to also sell Dash this way, so just like people go and buy mobile credit at the local kiosk, they will also buy Dash credit in the same kiosk, and it can be sent to their Dash Text wallet or to their mobile Dash Wallet app (Android or iOs). We'll share more information about this probably in a few weeks.
Thanks again for giving us your insight, we really appreciate it!
Thank you so much for your support !
1) Who is going to build the software for it
2)How long will it take
3) Do merchants have to do anything special ? or just have regular phone-number as well
4) Are there any costs for users using this service ?
- We built the software for it, it's still on the MVP stage (minimum viable product) and there's much work to be done and to make it better.
- 4-5 weeks after funding we should have everything hosted and working including the website.
- No, merchants can receive payments in any wallet they have. Although it would be easier if they had their own Dash Text wallet since they can receive with their phone number instead of the address.
- No additional costs.
Thanks again for you support!